diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2023-08-29 01:47:31 +0300 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2023-10-28 03:14:11 +0300 |
commit | 1939316bf988f3e49a07d9c4dd6f660bf4daa53d (patch) | |
tree | 41ba99310df374f9125e15ee15f2a8e08dec6dd0 | |
parent | 1f36cd05e0081f2c75769a551d584c4ffb2a5660 (diff) | |
download | linux-1939316bf988f3e49a07d9c4dd6f660bf4daa53d.tar.xz |
io_uring: kiocb_done() should *not* trust ->ki_pos if ->{read,write}_iter() failed
->ki_pos value is unreliable in such cases. For an obvious example,
consider O_DSYNC write - we feed the data to page cache and start IO,
then we make sure it's completed. Update of ->ki_pos is dealt with
by the first part; failure in the second ends up with negative value
returned _and_ ->ki_pos left advanced as if sync had been successful.
In the same situation write(2) does not advance the file position
at all.
Reviewed-by: Christian Brauner <brauner@kernel.org>
Reviewed-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | io_uring/rw.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/io_uring/rw.c b/io_uring/rw.c index c8c822fa7980..08d94fb972f0 100644 --- a/io_uring/rw.c +++ b/io_uring/rw.c @@ -339,7 +339,7 @@ static int kiocb_done(struct io_kiocb *req, ssize_t ret, struct io_rw *rw = io_kiocb_to_cmd(req, struct io_rw); unsigned final_ret = io_fixup_rw_res(req, ret); - if (req->flags & REQ_F_CUR_POS) + if (ret >= 0 && req->flags & REQ_F_CUR_POS) req->file->f_pos = rw->kiocb.ki_pos; if (ret >= 0 && (rw->kiocb.ki_complete == io_complete_rw)) { if (!__io_complete_rw_common(req, ret)) { |